Screamingcss
ScreamingCSS.pl
Description
ScreamingCSS.pl is a Perl script written by David Devitry, inspired by screamingCobra, which was written by Samy Kamkar.
The script detects entry points (XSS vulnerabilities) in web applications.
Usage
Basic syntax
screamingCSS.pl [-e] [-i] [-s|-v] <http://host.name>[:port][/start/page]
Options
- -e (EXTRA TECHNIQUES)
- Uses multiple techniques to find bugs. A scan takes more than twice as long with this option, and the extra techniques it enables cover cases that are not commonly found in applications, but you may want to use it if you need to do a very thorough pen test.
- -i (DON'T IGNORE ANY FILES)
- In the program, there is a user-configurable array of extensions to ignore (not to GET). Those include images, compressed files, etc. This is because those files will usually not be HTML pages so there won't be any useful data in them, and they may take up a lot of bandwidth as well. This option ignores that list and screamingCobra will not ignore any files.
- -s (STATUS BAR)
- This creates a status bar with constantly updated numbers of pages accessed, bugs found and attempted vulnerability scans. Cannot be used with verbose, although the status bar is ALWAYS displayed when the user unexpectedly exits or kills the application (^C) or when the application is finished crawling.
- -v (VERBOSE)
- This displays every file being accessed and also reports each CGI that is found and each attempt to break it (to find vulnerabilities). Cannot be used with the status bar, although a status bar is ALWAYS displayed when the user unexpectedly exits or kills the application (^C) or when the application is finished crawling.
Example
# ./screamingCSS.pl -e -i -v http://www.target-site.fr
Beginning to scan www.target-site.fr :: for CGI bugs...
Kick back and relax, this will take a while...
GET www.target-site.fr:80/
GET www.target-site.fr:80/welcome.php
GET www.target-site.fr:80/map.php
GET www.target-site.fr:80/contact.php
GET www.target-site.fr:80/sendmail.php?name=&mailfrom=&mailbody=%22%3exxx%3cP%3eyyy&btnValidation=Envoyer
GET www.target-site.fr:80/sendmail.php?name=&mailfrom=&mailbody=&btnValidation=%22%3exxx%3cP%3eyyy
GET www.target-site.fr:80/sendmail.php?name=%22%3exxx%3cP%3eyyy&mailfrom=&mailbody=&btnValidation=Envoyer
GET www.target-site.fr:80/sendmail.php?name=&mailfrom=%22%3exxx%3cP%3eyyy&mailbody=&btnValidation=Envoyer
GET www.target-site.fr:80/reprise.php
GET www.target-site.fr:80/renovation.php
GET www.target-site.fr:80/majnews.php
GET www.target-site.fr:80/logincheck.php?pseudo=&password=%22%3exxx%3cP%3eyyy
GET www.target-site.fr:80/logincheck.php?pseudo=%22%3exxx%3cP%3eyyy&password=
GET www.target-site.fr:80/actus.php
GET www.target-site.fr:80/actus.php?search=%22%3exxx%3cP%3eyyy
BUG FOUND - http://www.target-site.fr:80/actus.php?search=%22%3exxx%3cP%3eyyy
GET www.target-site.fr:80/construction.php
GET www.target-site.fr:80/amenagement.php
GET www.target-site.fr:80/whoarewe.php
GET www.target-site.fr:80/img/big/
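
Every probe in the output above carries the same value, %22%3exxx%3cP%3eyyy (decoded: ">xxx<P>yyy), placed into one parameter at a time, which makes a scan of this kind easy to recognise in web server logs. The following Python sketch is an added example, not part of ScreamingCSS.pl or of the original page; it assumes Common Log Format, and the function name find_probes and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Probe value seen in the scan output above, percent-decoded.
PROBE = '">xxx<P>yyy'

# Common Log Format (an assumption about the server's log layout).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def find_probes(lines, probe=PROBE):
    """Map each client IP to the sorted (path, parameter) pairs it probed."""
    hits = defaultdict(set)
    needle = probe.lower()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a Common Log Format line
        ip, _method, target, _status = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values; blank values are kept so every
        # parameter the scanner sent is inspected.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if needle in value.lower():
                hits[ip].add((parts.path, name))
    return {ip: sorted(pairs) for ip, pairs in hits.items()}


# Constructed sample log: documentation-range addresses, paths from the page.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /welcome.php HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /sendmail.php?name=&mailfrom='
    '&mailbody=%22%3exxx%3cP%3eyyy&btnValidation=Envoyer HTTP/1.0" 200 733',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /logincheck.php?pseudo='
    '&password=%22%3exxx%3cP%3eyyy HTTP/1.0" 200 420',
    '192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /actus.php?search='
    '%22%3exxx%3cP%3eyyy HTTP/1.0" 200 900',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /actus.php?search=travaux HTTP/1.1" 200 850',
]

if __name__ == "__main__":
    for ip, pairs in find_probes(SAMPLE_LOG).items():
        print(ip, pairs)
```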